Cisco Bug: CSCvv40131 - FTD dropping traffic with reason "snort is busy" causing all traffic to be dropped.
Aug 25, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
Symptom:
FTD may stop punting traffic to Snort with reason "snort is busy", causing all traffic to be dropped and the block export-failed count to increase.

Conditions:
ASP drop shows the packet dropped with reason "snort-busy". This issue is hit when the snort-busy counters start increasing (when Snort is not able to process traffic quickly enough due to traffic volume), so all traffic will be considered "snort-busy" and therefore dropped for routed interfaces.

Here is the way to identify if this issue is hit:

    Cisco Fire Linux OS v6.4.0 (build 2)
    Cisco Firepower 9000 Series SM-36 Threat Defense v18.104.22.168 (build 62)

    > show asp drop | include snort-busy
      Snort instance is busy (snort-busy)        50106185
    > show asp drop | include snort-busy
      Snort instance is busy (snort-busy)        50106759
    > show asp drop | include snort-busy
      Snort instance is busy (snort-busy)        50123255

- The FAILED_CNT in "show blocks export-failed" for block size 256 increments continuously:

    > show blocks export-failed
    SIZE     FAILED_CNT
    0        0
    4        0
    80       0
    256      13759244
    1550     0
    2048     0
    2560     0
    4096     0
    8192     0
    9344     0
    16384    0
    65536    0
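The identification steps above, as an added example (not Cisco tooling and not part of the original bug text): a Python check that parses successive captures of the two commands and reports whether the snort-busy drop counter and the 256-byte export-failed count are both rising. The function names are hypothetical, and the second `show blocks export-failed` capture is constructed, since the page shows only one.

```python
import re

# Captures of "show asp drop | include snort-busy"; counter values are the ones on this page.
ASP_SAMPLES = [
    "Snort instance is busy (snort-busy)    50106185",
    "Snort instance is busy (snort-busy)    50106759",
    "Snort instance is busy (snort-busy)    50123255",
]

# Captures of "show blocks export-failed": first is from the page (abridged),
# second is constructed for illustration.
BLOCK_SAMPLES = [
    "SIZE FAILED_CNT\n0 0\n4 0\n80 0\n256 13759244\n1550 0\n",
    "SIZE FAILED_CNT\n0 0\n4 0\n80 0\n256 13761002\n1550 0\n",
]

def snort_busy_count(text):
    """Return the snort-busy ASP drop counter, or None when the line is absent."""
    m = re.search(r"\(snort-busy\)\s+(\d+)", text)
    return int(m.group(1)) if m else None

def export_failed(text):
    """Parse 'show blocks export-failed' output into {block_size: failed_count}."""
    rows = {}
    for line in text.splitlines():
        parts = line.split()
        # Header and prompt lines are skipped: only two-integer rows are data.
        if len(parts) == 2 and parts[0].isdigit() and parts[1].isdigit():
            rows[int(parts[0])] = int(parts[1])
    return rows

def strictly_increasing(values):
    """True when there are 2+ samples, none missing, and each exceeds the previous."""
    if len(values) < 2 or any(v is None for v in values):
        return False
    return all(b > a for a, b in zip(values, values[1:]))

def matches_signature(asp_captures, block_captures, block_size=256):
    """Evaluate both indicators from the bug text across successive captures."""
    busy = strictly_increasing([snort_busy_count(t) for t in asp_captures])
    failed = strictly_increasing(
        [export_failed(t).get(block_size) for t in block_captures])
    return {"snort_busy_increasing": busy,
            "export_failed_increasing": failed,
            "match": busy and failed}

if __name__ == "__main__":
    print(matches_signature(ASP_SAMPLES, BLOCK_SAMPLES))
```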